CVE-2012-2516

GE Intelligent Platforms - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-2516. PoCs published by Metasploit, including Metasploit module exploits/windows/browser/keyhelp_launchtripane_exec.

AI-analyzed exploit summary This Metasploit module exploits CVE-2012-2516, a vulnerability in the KeyHelp ActiveX control (keyhelp.ocx) that allows remote code execution via the LaunchTriPane method. It abuses ShellExecute to write arbitrary files and achieve RCE on Windows systems before Vista by uploading a payload and a MOF file.

Description

An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 and 5.1; Proficy Pulse 1.0; Proficy Batch Execution 5.6; SI7 I/O Driver 7.20 through 7.42; and other products, allows remote attackers to execute arbitrary commands via crafted input, related to a "command injection vulnerability."

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/21888

This Metasploit module exploits CVE-2012-2516, a vulnerability in the KeyHelp ActiveX control (keyhelp.ocx) that allows remote code execution via the LaunchTriPane method. It abuses ShellExecute to write arbitrary files and achieve RCE on Windows systems before Vista by uploading a payload and a MOF file.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KeyHelp ActiveX Control (keyhelp.ocx) in GE Proficy products
No auth needed
Prerequisites: Target must have the vulnerable ActiveX control installed · WebClient service (WebDAV Mini-Redirector) must be enabled · Target must be running Windows XP or Windows Server 2003
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/keyhelp_launchtripane_exec.rb

This Metasploit module exploits a vulnerability in the KeyHelp ActiveX control (keyhelp.ocx) by abusing the 'LaunchTriPane' function to execute arbitrary commands via ShellExecute. It leverages the '-decompile' option in 'hh.exe' to write arbitrary files, achieving remote code execution on Windows systems before Vista.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: KeyHelp ActiveX control (keyhelp.ocx) in products like Proficy Historian, Proficy HMI/SCADA, etc.
No auth needed
Prerequisites: Target must have the vulnerable KeyHelp ActiveX control installed · WebClient service (WebDAV Mini-Redirector) must be enabled on the target · Target must be running Windows XP or Windows Server 2003
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.3971
EPSS Percentile 98.4%

Details

CWE
CWE-78
Status published
Products (10)
ge/intelligent_platforms_proficy_batch_execution 5.6
ge/intelligent_platforms_proficy_historian 3.1
ge/intelligent_platforms_proficy_historian 3.5
ge/intelligent_platforms_proficy_historian 4.0
ge/intelligent_platforms_proficy_historian 4.5
ge/intelligent_platforms_proficy_hmi\/scada_ifix 5.0
ge/intelligent_platforms_proficy_hmi\/scada_ifix 5.1
ge/intelligent_platforms_proficy_pulse 1.0
ge/intelligent_platforms_si7_i\/o_driver 7.20
ge/intelligent_platforms_si7_i\/o_driver 7.42
Published Jul 05, 2012
Tracked Since Feb 18, 2026